package com.zhanghe.security.config;

import com.zhanghe.security.filter.AuthcationFilter;
import com.zhanghe.security.filter.NormalLoginFilter;
import com.zhanghe.security.filter.RefreshTokenFilter;
import com.zhanghe.security.filter.auth2.GithubAuthFilter;
import com.zhanghe.security.handler.JWTAccessDeniedHandler;
import com.zhanghe.security.property.SecurityProperties;
import com.zhanghe.security.provider.GithubAuthenticationProvider;
import com.zhanghe.security.provider.NormalProvider;
import com.zhanghe.security.provider.RefreshTokenAuthenticationProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/**
 * SecurityConfig
 *
 * @author Clevo
 * @date 2018/7/27
 */
@Configuration
@EnableConfigurationProperties(SecurityProperties.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    protected static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        super.configure(auth);
        auth.authenticationProvider(getGithubAuthenticationProvider());
        auth.authenticationProvider(getNormalProvider());
        auth.authenticationProvider(getRefreshTokenAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/github_login").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/*").permitAll()
            .and().exceptionHandling().accessDeniedHandler(new JWTAccessDeniedHandler())
                //添加过滤器
            .and().addFilterBefore(getGithubAuthFilter(),UsernamePasswordAuthenticationFilter.class)
                  .addFilterBefore(getNormalLoginFilter(),UsernamePasswordAuthenticationFilter.class)
                  .addFilterBefore(getRefreshTokenFilter(),UsernamePasswordAuthenticationFilter.class)
                  .addFilterBefore(getAuthcationFilter(),UsernamePasswordAuthenticationFilter.class)
                //无状态

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

        @Bean
        public RefreshTokenFilter getRefreshTokenFilter()throws Exception{
            return new RefreshTokenFilter("/refresh",authenticationManager());
        }

        @Bean
        public GithubAuthFilter getGithubAuthFilter()throws Exception{
            return new GithubAuthFilter("/github_login",authenticationManager());
        }
        @Bean
        public NormalLoginFilter getNormalLoginFilter()throws Exception{
            return new NormalLoginFilter("/login",authenticationManager());
        }
        @Bean
        public AuthcationFilter getAuthcationFilter(){
            return new AuthcationFilter();
        }
        @Bean
        public GithubAuthenticationProvider getGithubAuthenticationProvider(){
            return new GithubAuthenticationProvider();
        }
        @Bean
        public NormalProvider getNormalProvider(){
            return new NormalProvider();
        }
        @Bean
        public RefreshTokenAuthenticationProvider getRefreshTokenAuthenticationProvider(){
            return new RefreshTokenAuthenticationProvider();
        }
}
